<?php

  // Contact form
  if (isset($_POST['submit'])) { // Handle the form.

    // Include myCheckContact class template
    include "cms/functions/check-email.php";

    // Create new object from class template
    $mycheckcontact = &New myCheckContact();

    // NAME: populate the object variable
    $mycheckcontact->name = $_POST['name'];
    // Run the checkName function
    $checkName = $mycheckcontact->checkName();
    if(!$checkName) { // If function returns false
      $problem = true;
      $response0 = "You didn't enter your name.<br />";
    }

    // EMAIL: ditto
    $mycheckcontact->email = $_POST['email'];
    $checkEmail = $mycheckcontact->checkEmail();
    if(!$checkEmail) {
      $problem = true;
      $response1 = "You didn't enter a valid email address.<br />";
    }

    // COMMENT: ditto
    $mycheckcontact->comment = $_POST['comment'];
    $checkComment = $mycheckcontact->checkComment();
    if(!$checkComment) {
      $problem = true;
      $response2 = "You didn't specify your enquiry.<br />";
    }

    // ANTI SPAM
    // First, make sure the form was posted from a browser.
    if(!isset($_SERVER['HTTP_USER_AGENT'])){
      die("Forbidden. You are not authorized to view this page.");
      exit;
    }

    // Make sure the form was indeed POSTed.
    if(!$_SERVER['REQUEST_METHOD'] == "POST"){ 
      die("Forbidden. You are not authorized to view this page.");
      exit;
    }

    // Host names from where the form is authorized to be posted from.
    $authHosts = array("yourdomain.com", "yourdomain.com", "yourdomain.com");

    // Where have we been posted from?
    $fromArray = parse_url(strtolower($_SERVER['HTTP_REFERER']));

    // Test to see if the $fromArray used www to get here.
    $wwwUsed = strpos($fromArray['host'], "www.");

    // Make sure the form was posted from an approved host name.
    if(!in_array(($wwwUsed === false ? $fromArray['host'] : substr(stristr($fromArray['host'], '.'), 1)), $authHosts)){
      header("HTTP/1.0 403 Forbidden");
      exit;
    }

    // Attempt to defend against header injections:
    $badStrings = array("Content-Type:", "MIME-Version:", "Content-Transfer-Encoding:", "bcc:", "cc:");

    // Loop through each POSTed value and test for $badStrings.
    foreach($_POST as $k => $v){
      foreach($badStrings as $v2){
        if(strpos($v, $v2) !== false){
          header("HTTP/1.0 403 Forbidden");
          exit;
        }
      }
    }

    // Made it past spammer test, free up some memory & proceed.
    unset($k, $v, $v2, $badStrings);
    // ANTI SPAM ends.

    // Attempt to strip out the backslashes.
    $_POST['name'] = stripslashes($_POST['name']);
    $_POST['comment'] = stripslashes($_POST['comment']);

    // If everything's okay, proceed and send an email.
    if (!$problem) {
      $response1 = ''; // Clear redundant error message.
      $content = ''; // Empties textarea if successful.
      $ip = $_SERVER['REMOTE_ADDR'];
      $record_title = 'For your records...';
      $body = "Here is what they sent:\nTheir name is '{$_POST['name']}'\nTheir email address is '{$_POST['email']}'\nTheir IP address is '$ip'\nTheir enquiry is '{$_POST['comment']}'";
      $body = wordwrap($body, 70);
      $headers = '';
      $myname = $_POST['name'];
      $sourceemail = $_POST['email'];
      $thesubject = 'Email enquiry from ' . $_POST['name'] . ' on your website.';
      // Additional headers:
      $headers .= "From: " . $myname . " <" . $sourceemail . ">\r\n";
      $headers .= 'Subject: ' . $thesubject . "\r\n";
      $headers .= "Return-path: " . $sourceemail . "\r\n";
      $headers .= "Reply-To: " . $sourceemail . "\r\n";
      $headers .= "Content-type: text/plain;\r\n";
      $headers .= "Mime-Version: 1.0\r\n";
      mail ('admin@yourdomain.com', $subject, $body, $headers);

      // Confirmation message:
      $body2 = "Hello {$_POST['name']}.\n\nYour comment/enquiry to Your Name at www.yourdomain.com has been received, and was:\n\n'{$_POST['comment']}'\n\nPlease do not reply directly to this auto-response message.";
      $body2 = wordwrap($body2, 70);
      mail ($_POST['email'], $record_title, $body2, 'From: auto-response');
      $response0 = 'Your comment/enquiry has been received, thankyou.';
    } else {
      $content = ($_POST['comment']);
      $response3 = 'Please try again.';
      $response4 = 'Please return to the form and complete.';
    }

  }

?>
<?php $thisLocation = 'root'; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head profile="http://gmpg.org/xfn/11">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Contact Anyfork</title>
<meta name="description" content="Your Description." />
<meta name="keywords" content="Your Keywords" />
<link rel="stylesheet" href="cms/style.css" type="text/css" media="screen" />
</head>
<body>

<div id="wrap">
	<div id="header"></div>
	<div id="content">
<?php

  include ('cms/functions/le-format.php');
  include ('cms/functions/convert-characters.php');

?>

<h1>Contact Anyfork</h1>
<p>
    Email: michael@anyfork.com.au
</p>
<p>
    Ph: 03 9720-3675
</p>
<p>
    Fax: 03 9720-1595
</p>
<p>
    Mail: 2/18 Turbo Drive
</p>
	</div><!-- content_eof //-->
	<div id="navigation">

<ul id="menu">
<li><a href="http://cit3.ldl.swin.edu.au/~mascot/" title="Home Page">Home Page</a></li>
<?php

  include ('cms/classes/makebutton.class.php');
  include ('cms/includes/menu.php');

?>
<li><strong>Contact</strong></li>
<li><a href="http://cit3.ldl.swin.edu.au/~mascot/cms/admin/create.php" title="Admin">Admin</a></li>
<li><a href="http://code.google.com/p/mascotpunchers/" title="Google Code">Google Code</a></li>
</ul>

	</div><!-- navigation_eof //-->
	<div id="footer">



<?php include ('cms/includes/tracking.php'); ?>

	</div><!-- footer_eof //-->
</div><!-- wrap_eof //-->

</body>
</html>
